CloudFlare and Real IP

I have been trying to get real IPs to show up in Discourse without much success. I have added the cloudflare yml to my setup and have validated the discourse.conf in the container has the correct lines:

set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
real_ip_header CF-Connecting-IP;

I have also validated that $http_cf_connecting_ip has the correct IP in the logs but for some reason $remote_addr is not being set properly. Has anyone else hit this?

Maybe use the cloudflare template?

Add

  - "templates/cloudflare.template.yml"

to your app.yml where the other templates are.

1 Like

Thanks for the response! I am using the cloudflare template. After further digging it appears that it is not working because all remote_addr coming into nginx are Docker addresses. I am trying to diagnose why this is.

Are you also using a local reverse proxy server? If so, you’ll need to add that address to your set_real_ip config (and maybe the reverse proxy will handle the cloudflare stuff?)

I am not intentionally running a reverse proxy but I have specified a specific IP for exposing ports in my app.yml.

expose:
  - "xxx.xxx.xxx.xxx:80:80"    # http
  - "xxx.xxx.xxx.xxx:443:443"  # https

I don’t know. Maybe you need to include some docker IPs?

Is the IP that’s getting displayed by Discourse a docker ip?

2 Likes

Did you follow the standard install? This usually works out of the box with the template.

2 Likes

Thank you both for the help! It ended up that Imunify360 on our VPS was injecting itself as a proxy prior to the container. Adding the Docker IP to the set_real_ip_from temporarily fixed the issue while I look into disabling Imunify.

1 Like
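
An added example, not part of the thread and not Discourse or nginx code: a small model of how nginx's realip module decides whether to honour CF-Connecting-IP, which is why the header was logged correctly while $remote_addr stayed a Docker address. The Docker hop address 172.17.0.1 and the client addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# A few of the Cloudflare ranges from the discourse.conf quoted in the thread.
CLOUDFLARE = ["173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13", "2606:4700::/32"]
DOCKER_HOP = "172.17.0.1"   # constructed: address nginx sees for the local proxy hop
CLIENT = "203.0.113.7"      # constructed: visitor address (documentation range)


def effective_remote_addr(peer, headers, trusted_cidrs, header="CF-Connecting-IP"):
    """Model of the realip decision: which address ends up in $remote_addr.

    The header replaces the TCP peer address only when the peer itself falls
    inside a set_real_ip_from range; otherwise the header is ignored.
    """
    peer_ip = ipaddress.ip_address(peer)
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    if not any(peer_ip in net for net in nets):
        return str(peer_ip)                     # untrusted sender: keep the peer
    wanted = header.lower()
    value = next((v for k, v in headers.items() if k.lower() == wanted), None)
    try:
        return str(ipaddress.ip_address(value.strip()))
    except (AttributeError, ValueError):
        return str(peer_ip)                     # header missing or not an address


def explain(peer, headers, trusted_cidrs):
    """Return (remote_addr, reason) for one request, for troubleshooting."""
    addr = effective_remote_addr(peer, headers, trusted_cidrs)
    if addr != str(ipaddress.ip_address(peer)):
        return addr, "peer is trusted, header applied"
    return addr, "header ignored: peer untrusted, or header absent/invalid"


if __name__ == "__main__":
    hdrs = {"CF-Connecting-IP": CLIENT}
    cases = [
        ("Cloudflare edge connects directly", "104.16.1.1", CLOUDFLARE),
        ("local proxy in front, stock list", DOCKER_HOP, CLOUDFLARE),
        ("local proxy in front, hop trusted", DOCKER_HOP, CLOUDFLARE + [DOCKER_HOP + "/32"]),
        ("direct request with forged header", "198.51.100.9", CLOUDFLARE),
    ]
    for label, peer, trusted in cases:
        print(f"{label:36} -> {explain(peer, hdrs, trusted)}")
```

Once the local hop is in the trusted list, nginx accepts CF-Connecting-IP from anything that reaches it through that hop, so the header is only as reliable as whatever the local proxy lets through.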
